How to use app passwords with CodeTwo software
You have a Microsoft 365 (Office 365) account with multi-factor authentication (MFA) enabled. When configuring a connection to Microsoft 365 in CodeTwo software, you receive the following error:
The request failed. The remote server returned an error (401) Unauthorized.
Most CodeTwo products support MFA-enabled accounts. When configuring a connection to Microsoft 365, you are asked to sign in to your tenant via Microsoft's sign-in page.
However, in some cases (e.g. when configuring a connection to SharePoint Online in CodeTwo Backup), you are still required to provide you account's credentials directly in the program. If this account is MFA-enabled, providing your regular password instead of an app password will result in an error shown above.
App passwords are created for each MFA-enabled account to allow signing in to non-browser applications. App passwords don’t expire and can be used multiple times and in different programs at the same time.
Follow the links below to learn:
- How to create app passwords and use them with CodeTwo software
- Troubleshoot problems with creating app passwords in Office 365 / Microsoft 365
To generate a new app password in Microsoft 365, you need to:
- Log in to Microsoft 365 and go to the Security info page (Microsoft 365 home page > View account > Security info).
- Click Add method, select App password and click Add (Fig. 1.). If the App password option is not available, check the Troubleshooting section first.
- Enter the name for the app password (minimum 8 characters) and click Next.
- In the next step, your app password will be shown (Fig. 2.). Remember to save the app password or use the Copy App Password to Clipboard button before you close the window. You won’t be able to display this app password again, so if you forget it, you will need to create a new one.
- Click Done to close this window.
You can now use this app password in CodeTwo software to connect to Microsoft 365. Use the app password instead of your regular account password (Fig. 3.).
Microsoft security policies prevent creating app passwords in Office 365 / Microsoft 365
After enabling multi-factor authentication (MFA) for the entire organization (or for admins only) by using the Azure AD Identity Protection or Microsoft 365 security center, some users may not be able to select app passwords as their sign-in method. To fix this, make sure that:
- users in your organization are allowed to create app passwords,
- the MFA is enabled in the MFA portal for the affected users.
- Open the Microsoft 365 admin center.
- Go to Users > Active users.
- Without selecting any user, click Multi-factor authentication (Fig. 4.). If you don’t have access to the multi-factor authentication settings, contact your administrator.
- Go to the service settings tab and select the Allow users to create app passwords to sign in to non-browser apps option and click save.
If this option has already been selected, try using this solution.
In the MFA portal, you can check the MFA status for each user. If the status shows Disabled, you need to enable it. If it shown Enabled but you still cannot use app passwords, disable MFA and then enable it again.
To enable MFA, find the account that you use in your CodeTwo software, select it and click Enable (Fig. 6.). Confirm your choice by clicking enable multi-factor auth.
It can take a while for the changes to propagate. It may be also necessary for the account to sign out and sign in again to Microsoft 365 before the App password option becomes available on the Security info page. If you still cannot select app password as your sign in method, try disabling and reenabling MFA again.
Once you have access to app passwords, follow these steps to learn how to generate them and use with CodeTwo software.